package com.jz.netthings.security.browser;


import com.jz.netthings.security.browser.authentication.FormAuthenticationConfig;
import com.jz.netthings.security.service.SecurityLoginUserService;
import com.jz.netthings.support.SecurityConstants;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.access.AccessDeniedHandler;
import org.springframework.stereotype.Component;

/**
 * 浏览器环境下的安全主类
 * @author yyy
 * @date 2018年7月26日
 */
@Component
//@EnableGlobalMethodSecurity(prePostEnabled=true)//是否开启基于方法的权限控制
public class BrowserSecurityConfig extends WebSecurityConfigurerAdapter {


    @Autowired
    FormAuthenticationConfig formAuthenticationConfig;

    @Autowired
    SecurityLoginUserService securityLoginUserService;

    @Autowired
    AccessDeniedHandler adscmUrlAccessDeniedHandler;

    @Override
    protected void configure(HttpSecurity http) throws Exception {

        formAuthenticationConfig.configure(http);

        http.authorizeRequests()
                .antMatchers(SecurityConstants.DEFAULT_NEEDLOGIN)
                .access("@securityLoginUserService.isLogin(request)")
                .and()
                .authorizeRequests().antMatchers(SecurityConstants.DEFAULT_PERMITALL)
                .permitAll()
                .and()
                .authorizeRequests().antMatchers(SecurityConstants.DEFAULT_REQUEST_URL_PREFIX + "/**")
                .access("@securityLoginUserService.isLogin(request) and @securityLoginUserService.hasPermission(request)")
                .and()
                .exceptionHandling().accessDeniedHandler(adscmUrlAccessDeniedHandler)
                .and()
                .csrf().disable();

    }


}
